Protection of Safeguards Information, 64004-64068 [06-8900]

Agencies

• NUCLEAR REGULATORY COMMISSION

[Federal Register Volume 71, Number 210 (Tuesday, October 31, 2006)]
[Proposed Rules]
[Pages 64004-64068]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 06-8900]



[[Page 64003]]

-----------------------------------------------------------------------

Part IV





Nuclear Regulatory Commission





-----------------------------------------------------------------------



10 CFR Parts 2, 30, et al.



Protection of Safeguards Information; Proposed Rule

Federal Register / Vol. 71, No. 210 / Tuesday, October 31, 2006 / 
Proposed Rules

[[Page 64004]]


-----------------------------------------------------------------------

NUCLEAR REGULATORY COMMISSION

10 CFR Parts 2, 30, 40, 50, 52, 60, 63, 70, 71, 72, 73, 76, and 150

RIN: 3150-AH57


Protection of Safeguards Information

AGENCY: Nuclear Regulatory Commission.

ACTION: Proposed rule.

-----------------------------------------------------------------------

SUMMARY: The Nuclear Regulatory Commission (NRC) is proposing to amend 
its regulations for the protection of Safeguards Information (SGI) to 
protect SGI from inadvertent release and unauthorized disclosure which 
might compromise the security of nuclear facilities and materials. The 
amendments would affect certain licensees, information, and materials 
not currently subject to SGI regulations, but which are within the 
scope of Commission authority under the Atomic Energy Act of 1954, as 
amended (AEA). The NRC originally published a proposed rule on SGI on 
February 11, 2005 (70 FR 7196). The NRC is again publishing the 
proposed rule on SGI protection requirements in order to allow the 
public to comment on changes to the proposed rule text in response to 
public comment and to reflect amendments to the AEA in the Energy 
Policy Act of 2005 (EPAct) and Commission Orders issued to licensees 
authorized to possess and transfer items containing certain quantities 
of radioactive material.

DATES: The comment period expires January 2, 2007. Submit comments 
specific to information collection aspects of this rule January 2, 
2007. Comments received after that date will be considered if it is 
practical to do so, but the NRC is able to ensure consideration only 
for comments received on or before this date.

ADDRESSES: You may submit comments by any one of the following methods. 
Please include the following number (RIN 3150-AH57) in the subject line 
of your comments. Comments on this rulemaking submitted in writing or 
in electronic form will be made available for public inspection. 
Because your comments will not be edited to remove identifying 
information, the NRC cautions against including personal information 
such as social security numbers and birth dates in your submission.
    Mail comments to: Secretary, U.S. Nuclear Regulatory Commission, 
Washington, DC 20555-0001, Attn: Rulemaking and Adjudications Staff.
    E-mail comments to: SECY@nrc.gov. If you do not receive a reply e-
mail confirming that we have received your comments, contact us 
directly at (301) 415-1966. You may also submit comments via the NRC's 
rulemaking Web site at https://ruleforum.llnl.gov. Address questions 
about our rulemaking Web site to Carol Gallagher at (301) 415-5905; e-
mail: cag@nrc.gov. Comments can also be submitted via the Federal 
Rulemaking Portal https://www.regulations.gov.
    Hand deliver comments to 11555 Rockville Pike, Rockville, Maryland, 
20852, between 7:30 a.m. and 4:15 p.m. Federal workdays. (Telephone: 
(301) 415-1966).
    Fax comments to: Secretary, U.S. Nuclear Regulatory Commission at 
(301) 415-1101. Publicly available documents related to this rulemaking 
may be examined and copied for a fee at the NRC's Public Document Room 
(PDR), Public File Area 01F21, One White Flint North, 11555 Rockville 
Pike, Rockville, Maryland. Selected documents, including comments, can 
be reviewed and downloaded electronically via the NRC rulemaking Web 
site at https://ruleforum.llnl.gov.
    You may submit comments on the information collections by the 
methods indicated in the Paperwork Reduction Act Statement.
    Publicly available documents created or received at the NRC after 
November 1, 1999, are available electronically at the NRC's Electronic 
Reading Room at https://www.nrc.gov/NRC/ADAMS/. From this 
site, the public can gain entry into the NRC's Agencywide Document 
Access and Management System (ADAMS), which provides text and image 
files of NRC's public documents. If you do not have access to ADAMS or 
if there are problems in accessing the documents located in ADAMS, 
contact the NRC's PDR Reference staff at 1-800-397-4209, 301-415-4737 
or by e-mail to pdr@nrc.gov.

FOR FURTHER INFORMATION CONTACT: Marjorie Rothschild, Senior Attorney, 
Office of the General Counsel, U.S. Nuclear Regulatory Commission, 
Washington, DC 20555-0001, telephone (301) 415-1633, e-mail MUR@nrc.gov 
or Bernard Stapleton, Office of Nuclear Security and Incident Response, 
Nuclear Regulatory Commission, Washington, DC 20555-0001, telephone 
(301) 415-2432, e-mail BWS2@nrc.gov.

Supplementary Information:

I. Background
II. Need for Rule
III. Purpose of Rulemaking
IV. Discussion
    A. Overview of Public Comments on the Original Proposed Rule
    B. Comments and Issues
    1. Comments in Response to Specific Request for Comments
    2. General Issues
    3. Section-Specific Comments
    C. Section-by-Section Analysis
    D. Request for Specific Comment
V. Criminal Penalties
VI. Agreement State Issues
VII. Voluntary Consensus Standards
VIII. Finding of No Significant Impact: Environmental Assessment
IX. Paperwork Reduction Act Statement
X. Regulatory Analysis
XI. Regulatory Flexibility Certification
XII. Backfit Analysis

I. Background

    The NRC first published proposed amendments to its rules in parts 
2, 30, 40, 50, 52, 60, 63, 70, 71, 72, 73, 76, 150 governing the 
handling of Safeguards Information and creating a new category of 
protected material, Safeguards Information-Modified Handling on 
February 11, 2005 (70 FR 7196). Subsequently, Congress passed the 
Energy Policy Act of 2005 (EPAct), Pub. L. No. 109-58, 119 Stat. 594. 
Section 652 of the EPAct amended section 149 of the Atomic Energy Act 
(AEA) to require fingerprinting, for criminal history check purposes, 
of a broader class of persons. With regard to access to SGI before the 
EPAct, the NRC's fingerprinting authority was limited to requiring 
licensees and applicants for a license to operate a nuclear power 
reactor under 10 CFR part 50 to fingerprint individuals prior to 
granting access to SGI. The EPAct expanded the NRC's authority to 
require fingerprinting of only individuals with access to SGI. Under 
the EPAct, NRC has the authority to require that the following 
individuals conduct fingerprinting before granting access to SGI: (1) 
Individuals licensed or certified to engage in an activity subject to 
regulation by the Commission; (2) individuals who have filed an 
application for a license or certificate to engage in Commission-
regulated activities; and (3) have notified the Commission in writing 
of an intent to file an application for licensing, certification, 
permitting, or approval of a product or activity subject to regulation 
by the Commission. Previously, section 149 of the AEA only required 
fingerprinting and criminal history records checks of individuals 
seeking access to SGI (as defined in Sec.  73.2) from a power reactor 
licensee or license applicant.
    The EPAct preserved the Commission's authority in section 149 to 
relieve by rule certain persons from the fingerprinting, 
identification, and

[[Page 64005]]

criminal history records checks. The Commission recently exercised that 
authority to relieve by rule certain categories of persons from those 
requirements including Federal, State, and local officials involved in 
security planning and incident response, Agreement State employees who 
evaluate licensee compliance with security-related orders, members of 
Congress who request SGI as part of their oversight function, and 
certain foreign representatives. These exemptions are based on the 
Commission's findings that (1) interrupting those individuals' access 
to SGI to perform fingerprinting and criminal history checks would harm 
vital inspection, oversight, planning, and enforcement functions, (2) 
it would impair communications among the NRC, its licensees, and first 
responders in the event of an imminent security threat or other 
emergency, and (3) it could strain the Commission's cooperative 
relationships with its international counterparts, and might delay 
needed exchanges of information to the detriment of current security 
initiatives both at home and abroad. The final rule was published in 
the Federal Register on June 13, 2006 (71 FR 33,989). That final rule 
was necessary to avoid disruption of the Commission's information 
sharing activities during the interim period while the Commission 
completes the overall revision of the regulations in this rulemaking.
    We have revised the original proposed rule to reflect the new 
requirements under the EPAct, and the final rule cited above, and we 
are again seeking public comment before promulgating a final SGI rule. 
We have also made revisions to reflect public comments on the original 
proposed rule, recent Commission direction, and Orders issued to 
licensees authorized to possess and transfer items containing certain 
quantities of radioactive material.
    The Commission requests that comments on this revised proposed rule 
focus on the changes and additions to the original proposed rule and 
not on areas discussed in previous comments. Because the public has 
already had opportunity to comment on much of the material contained in 
this revised proposed rule, the Commission has determined that a 60-day 
comment period is appropriate, and requests for extension of the 
commenting period will not be granted.
    SGI is a special category of sensitive unclassified information to 
be protected from unauthorized disclosure under Section 147 of the AEA. 
Although SGI is considered to be sensitive unclassified information, it 
is handled and protected more like Classified National Security 
Information than like other sensitive unclassified information (e.g., 
privacy and proprietary information). Part 73, ``Physical Protection of 
Plants and Materials,'' of the NRC's regulations in Title 10 of the 
Code of Federal Regulations (CFR) contains requirements for the 
protection of SGI. Commission orders issued since September 11, 2001, 
have also imposed requirements for the designation and protection of 
SGI. These requirements apply to SGI in the hands of any person, 
whether or not a licensee of the Commission, who produces, receives, or 
acquires SGI. An individual's access to SGI requires both a valid 
``need to know'' the information and authorization based on an 
appropriate background investigation. Power reactors, certain research 
and test reactors, and independent spent fuel storage installations are 
examples of the categories of licensees currently subject to the 
provisions of 10 CFR part 73 for the protection of SGI. Examples of the 
types of information designated as SGI include the physical security 
plan for a licensee's facility, the design features of a licensee's 
physical protection system, and operational procedures for the 
licensee's security organization.
    The Commission has authority under Section 147 of the AEA to 
designate, by regulation or order, other types of information as SGI. 
For example, Section 147a.(2) allows the Commission to designate as SGI 
a licensee's or applicant's detailed security measures (including 
security plans, procedures and equipment) for the physical protection 
of source material or byproduct material in quantities determined by 
the Commission to be significant to the public health and safety or the 
common defense and security. The AEA explicitly provides in Section 
147a. that ``any person, whether or not a licensee of the Commission, 
who violates any regulations adopted under this section shall be 
subject to the civil monetary penalties of Section 234 of this Act.'' 
Furthermore, willful violation of any regulation or order governing SGI 
is a felony subject to criminal penalties in the form of fines or 
imprisonment, or both, as prescribed in Section 223 of the AEA.
    The Commission has, by order, imposed SGI handling requirements on 
certain categories of these licensees. An example is the November 25, 
2003 Order issued to certain materials licensees.\1\ Violations of SGI 
handling and protection requirements, whether those specified in part 
73 or those imposed by order, are subject to civil and criminal 
sanctions. Licensee employees, past or present, and all other persons 
who have had access to SGI have a continuing obligation to protect SGI 
in order to prevent inadvertent release and unauthorized disclosure. 
Information designated as SGI must be withheld from public disclosure 
and must be physically controlled and protected. Protection 
requirements include: (1) Secure storage; (2) document marking; (3) 
restriction of access; (4) limited reproduction; (5) protected 
transmission; (6) controls for information processing on electronic 
systems; and (7) destruction of SGI. The AEA explicitly provides in 
Section 147a. that ``any person, whether or not a licensee of the 
Commission, who violates any regulations adopted under this section 
shall be subject to the civil monetary penalties of Section 234 of this 
Act.'' Furthermore, willful violation of any regulation or order 
governing SGI is a felony subject to criminal penalties in the form of 
fines or imprisonment, or both, as prescribed in Section 223 of the 
AEA.
---------------------------------------------------------------------------

    \1\ This Order was published in the Federal Register as 
``Licensees Authorized to Manufacture or Initially Transfer Items 
Containing Radioactive Material for Sale or Distribution and Who 
Possess Certain Radioactive Material of Concern and all Persons Who 
Obtain Safeguards Information Described Herein; Order Issued on 
November 25, 2003, Imposing Requirements for the Protection of 
Certain Safeguards Information (Effective Immediately),'' (69 FR 
3397; Jan. 23, 2004).
---------------------------------------------------------------------------

II. Need for Rule

    Changes in the threat environment have revealed the need to protect 
as SGI additional types of security information held by a broader group 
of licensees. The current regulations do not specify all of the types 
of information that could be designated as SGI and are now recognized 
to be significant to the public health and safety or the common defense 
and security. The unauthorized release of this information could result 
in harm to the public health and safety and the Nation's common defense 
and security, as well as damage to the Nation's critical 
infrastructure, including nuclear power plants and other facilities and 
materials licensed and regulated by the NRC or Agreement States.
    Since September 11, 2001, the NRC has issued orders that have 
increased the number of licensees whose security measures will be 
protected as SGI and added types of security information considered to 
be SGI. Orders have been issued to power reactor licensees, fuel cycle 
facility licensees, certain source material licensees, and certain 
byproduct material licensees. Some of

[[Page 64006]]

the orders expanded the types of information to be protected by 
licensees who already have an SGI protection program, such as nuclear 
power reactor licensees. Other orders were issued to licensees that 
have not previously been subject to SGI protection requirements in the 
regulations, such as certain licensees authorized to manufacture or 
initially transfer items containing radioactive material.\2\ Some 
orders imposed a new designation detailing modified handling 
requirements for certain SGI: Safeguards Information-Modified Handling 
(SGI-M). The more precise term is ``Safeguards Information-designated 
as Safeguards Information-Modified Handling'' to distinguish between 
``type of information''--SGI, and the two sets of handling requirements 
``SGI'' and ``SGI-M''. We are not seeking to create another type of 
information separate from SGI, and in fact SGI-M is SGI.
---------------------------------------------------------------------------

    \2\1\ See Order (69 FR 3397; January 23, 2004).
---------------------------------------------------------------------------

    SGI-M refers to SGI with handling requirements that are modified 
somewhat due to the lower risk posed by unauthorized disclosure of the 
information. The SGI-M protection requirements apply to certain 
security-related information regarding quantities of source, byproduct, 
and special nuclear materials for which the harm caused by unauthorized 
disclosure of information would be less than that for SGI.
    Some of the requirements imposed by orders that have increased the 
types of information to be considered SGI are not covered by the 
current regulations. Although the Commission has the authority to 
impose new SGI requirements through the issuance of orders, the 
regulations would not reflect current Commission SGI policy and/or 
requirements. Consequently, the NRC has opted to amend its regulations.

III. Purpose of Rulemaking

    NRC staff review of the SGI regulatory program indicates that 
changes in the regulations are needed to address issues such as access 
to SGI, types of security information to be protected, and handling and 
storage requirements.
    This rulemaking will:
    (1) Revise the definition of ``need to know'' in 10 CFR 73.2;
    (2) Implement expanded fingerprinting and criminal history check 
procedures for broader categories of individuals who will have access 
to SGI unless exempt from those requirements;
    (3) Implement a requirement for background checks which form the 
basis for demonstrating trustworthiness and reliability for individuals 
who will have access to SGI unless exempt from those requirements. As 
discussed in detail later, background checks are comprised of several 
elements, which would now include a criminal history check;
    (4) Modify part 73 to reflect the Commission's recent experience 
and actions, including addressing requirements contained in Orders 
issued following the terrorist attacks of September 11, 2001;
    (5) Expand the scope of part 73 to include additional categories of 
licensees (e.g., source and byproduct material licensees, research and 
test reactors not previously covered, and fuel cycle facilities not 
previously covered);
    (6) Expand the types of security information covered by the 
definition of SGI in Sec.  73.2 and the information categories 
described in Sec. Sec.  73.22 and 73.23 to include detailed security 
measures for the physical protection of byproduct, source, and special 
nuclear material; security-related scenarios and implementing 
procedures; uncorrected vulnerabilities or weaknesses in a security 
system; and certain training and qualification information; and
    (7) Clarify requirements for obtaining access to SGI in the context 
of adjudications and clarify the appeal procedures available.
    (8) Modify the original proposed rule to align it with the final 
rule in 10 CFR 73.59 granting relief from the identification and 
criminal history records check element (including fingerprinting) of 
background checks for designated categories of individuals.
    (9) Modify 10 CFR 73.59 to make it consistent with the language and 
structure of the proposed SGI rule.
    A graded approach based on the risks and consequences of 
information disclosure would be used in determining which category of 
licensee or type of information would be subject to certain protection 
requirements. This graded approach can be applied to issues such as the 
type of information to be protected, the classes of licensees subject 
to the rule, and the level of handling requirements necessary for the 
various licensees. For example, the graded approach would allow certain 
licensees to employ the modified-handling procedures introduced in 
recent orders and now set forth in the provisions of this revised 
proposed rule.
    The requirements set forth in this revised proposed rule are the 
minimum restrictions the Commission finds necessary to protect SGI 
against inadvertent release or unauthorized disclosure which might 
compromise the health and safety of the public or the common defense 
and security. The revised proposed rule would cover those facilities 
and materials the Commission has already determined need to be 
protected against theft or sabotage. The categories of information 
constituting SGI relate to the types of facilities and the quantities 
of special nuclear material, source material and byproduct material 
determined by the Commission to be significant and therefore subject to 
protection against unauthorized disclosure pursuant to Section 147 of 
the AEA. Unauthorized release of SGI could reduce the deterrence value 
of systems and measures used to protect nuclear facilities and 
materials and allow for the possible compromise of those facilities and 
materials. Such disclosures could also facilitate advance planning by 
an adversary intent on committing acts of theft or sabotage against the 
facilities and materials within the scope of the revised proposed rule. 
Further, the Commission has determined, pursuant to Section 147a.(3)(B) 
of the AEA, that the unauthorized disclosure of the information that is 
the subject of this revised proposed rule could reasonably be expected 
to have a significant adverse effect on the health and safety of the 
public or the common defense and security by significantly increasing 
the likelihood of theft, diversion, or sabotage of nuclear material or 
a production or utilization facility. The Commission has distinguished 
SGI designated as SGI-M, needing modified protection, from SGI for 
reactors and fuel cycle facilities that require a higher level of 
protection.

IV. Discussion

A. Overview of Public Comments on the Original Proposed Rule

    On February 11, 2005, (70 FR 7196), the Commission published a 
proposed rule and requested public comments by March 28, 2005. Twenty-
five comment letters were received, in addition to 622 letters from 
members of the public that were substantively identical. Copies of 
those letters are available for public inspection and copying for a fee 
at the NRC Public Document Room, 11555 Rockville Pike, Rockville, 
Maryland, or on the NRC's Agencywide Document Access and Management 
System, available online at: https://www.nrc.gov/reading-rm/adams/web-
based.html.
    Two comment letters were from trade unions, four were from public 
interest or government watchdog groups, one was from a journalist 
group, three were from members of the public, one was from a State 
government agency, two were from the U.S. Department of

[[Page 64007]]

Energy, one was from a law firm that represents nuclear utilities, and 
eleven were from utilities or nuclear industry groups. The comment 
letters provided various points of view and suggestions for 
clarifications, additions, deletions, and changes. Responses to the 
comments, including those in the 622 letters from the public, are set 
forth below.

B. Comments and Issues

1. Comments In Response to Specific Request for Comments
    In the February 2005 proposed rule, the NRC solicited specific 
public comment on the issue associated with differing requirements for 
access to SGI and SGI-M. The original proposed rule Sec. Sec.  
73.22(b)(1) and 73.23(b)(1) contained different requirements for 
performing background checks and making trustworthiness and reliability 
determinations for granting personnel access to SGI or SGI-M. These 
proposed requirements were based on the then-existing statutory 
authorization in Section 149 of the AEA for the NRC to require nuclear 
power reactor applicants or licensees to fingerprint individuals to be 
granted access to SGI. Before enactment of the EPAct on August 8, 2005, 
there was no similar statutory authorization to require fingerprinting 
by other applicants or licensees. Section 652 of the EPAct, however, 
amended Section 149 of the AEA to authorize the NRC to require 
fingerprinting of individuals granted access to SGI by all: (1) 
Individuals and entities engaged in activities subject to regulation by 
the Commission; (2) applicants for a license or certificate to engage 
in Commission-regulated activities; and (3) individuals and entities 
who have notified the Commission in writing of an intent to file an 
application for licensing, certification, permitting, or approval of a 
product or activity subject to regulations by the Commission.
    The NRC published the original proposed rule six months before the 
Energy Policy was enacted, specifically inviting comment on whether 
stakeholders perceived difficulties in complying with the varying 
requirements of SGI and SGI-M. The Commission has considered 
stakeholders' suggestions, comments, and proposals regarding the issue 
of whether a more uniform approach can be provided for background 
checks and trustworthiness and reliability determinations. Although 
comments may not have explicitly referred to this request for specific 
comment, many comments addressed the issue of performing background 
checks and the criteria for determining trustworthiness and reliability 
for access to SGI and SGI-M. These comments and detailed responses are 
set forth below. Commission views are also presented.
    One commenter expressed concern that the criteria to judge 
``trustworthiness and reliability'' could be applied arbitrarily to 
restrict access to information by persons deemed to have interests 
opposing the NRC or nuclear industry. Commenters also questioned how a 
``comprehensive background check'' would be conducted and what ``the 
other means'' for determining ``trustworthiness and reliability'' would 
be. Other commenters noted that the definition of ``trustworthiness and 
reliability'' does not clearly address how its requirements will be 
uniformly applied for all classes of individuals (for example, an 
individual who is not a utility employee such as an attorney for a 
utility or intervenor in an NRC adjudicatory proceeding), and whether 
there is a need for continued monitoring. Another commenter requested 
that the NRC address when background checks are required for persons 
requiring infrequent access to SGI or SGI-M such as commercial vendors 
periodically supplying security equipment and needed services to 
facilities. Some commenters requested greater detail on the criteria 
the NRC will use to determine access to SGI-M and that such criteria 
should allow for greater access to SGI-M because it poses ``a lower 
security risk.''
    In response to these comments, the Commission notes that the 
purpose of the criteria to determine ``trustworthiness and 
reliability'' for access to SGI is to provide reasonable assurance to 
the person granting access and to the Commission that granting an 
individual access to SGI does not constitute an unreasonable risk to 
the public health and safety or the common defense and security. 
Applying the criteria to improperly restrict access to SGI on the basis 
of an individual's support or opposition to the nuclear industry is not 
consistent with the regulatory framework the Commission has established 
for granting access to SGI.
    The changes to the original proposed rule text reflect Commission 
efforts to more thoroughly address the criteria for determining access 
to SGI. For example, the revised proposed rule defines the term 
``background check'' and provides greater specificity in the definition 
of the term ``trustworthiness and reliability.'' The revised proposed 
rule provides procedural protections to individuals seeking access to 
SGI in the context of adjudication both before and after an adverse 
determination of trustworthiness and reliability by the NRC Office of 
Administration. Before an adverse determination of trustworthiness and 
reliability is made, individuals would be entitled to use the 
procedures set forth in Sec.  73.57. In the context of NRC 
adjudications, individuals receiving an adverse determination on their 
background check for trustworthiness and reliability would be able to 
appeal that adverse determination to the presiding officer of the 
proceeding in which the SGI is sought. Potential witnesses, 
participants without attorneys, and attorneys would be able to request 
that the Chairman of the Atomic Safety and Licensing Board Panel 
designate an officer other than the presiding officer of the proceeding 
to review the determination. Moreover, in the revised proposed rule, 
the Commission has standardized the criteria for access to SGI to 
implement amendments to Section 149 of the AEA contained in Section 652 
of the EPAct. The revised proposed rule would require a Federal Bureau 
of Investigation criminal history check as part of the background check 
used to determine whether an individual is trustworthy and reliable 
before obtaining access to SGI, unless the Commission has otherwise 
provided. This requirement would extend to participants in NRC 
adjudicatory proceedings.
    The frequency with which access to SGI is needed is not a factor 
for determining access to SGI or SGI-M based on the governing 
provisions of the AEA or the Commission's regulatory framework 
implementing those provisions. Establishing an individual's need-to-
know the information and trustworthiness and reliability is necessary 
whether an individual needs a one-time access to SGI or SGI-M or access 
multiple times. A trustworthiness and reliability determination based 
on a background check must be made except for individuals enumerated in 
Sec.  73.59 including contractors of an applicant or licensee. The 
Commission has determined that access to SGI and Safeguards Information 
designated as SGI-M by licensee employees, agents, vendors, or 
contractors must include both an appropriate need-to-know finding by 
the licensee and a finding concerning the trustworthiness and 
reliability of individuals having access to the information. Although a 
separate need-to-know determination will be required for each specific 
request for access to SGI, the requirement for a determination of 
trustworthiness and

[[Page 64008]]

reliability based on a background check could be considered satisfied 
within a certain period of time, 5 years for example. The same interval 
would apply to criminal history records checks (including 
fingerprinting), which are an element of a background check to 
determine trustworthiness and reliability.
    A commenter also questioned why the Commission would institute 
requirements applicable to SGI-M and suggested that the ``less risk-
associated information'' be ``Official Use Only'' while some of the 
more sensitive information be ``Classified National Security 
Information.'' The Commission has distinguished SGI designated as SGI-
M, needing a lower level of protection. Information meeting the 
definition of SGI in Section 147 of the AEA is being protected as such 
rather than under the designations proposed by this commenter because 
such information should be protected as SGI does not constitute 
Classified National Security Information.
2. General Issues
    Comment: Some commenters stated that the proposed regulations go 
beyond the ``minimum restrictions'' needed to protect the health and 
safety of the public or the common defense and security, as required by 
Section 147 of the AEA. Rather than applying this provision, the 
Commission has expanded the SGI category to include virtually anything 
it wants to withhold. Therefore, the original proposed rule should be 
withdrawn or drastically revised.
    Response: The Commission recognizes there are limits to its 
discretion under Section 147 of the AEA in determining what information 
presents security concerns significant enough to warrant protection as 
SGI. The revised proposed rule does not expand the Commission's 
discretion beyond statutory limits--the revised proposed rule describes 
the information the Commission considers SGI and is within the scope of 
the authority granted by Section 147 of the AEA.
    Section 147 of the AEA authorizes the Commission to protect 
information that specifically identifies the control and accounting 
procedures or security measures, including plans, procedures, and 
equipment used to protect source, byproduct, and special nuclear 
material. The categories of information to be protected under the rule 
fall well within this scope. Sections 73.22(a)(1) and 73.23(a)(1) would 
protect information associated with physical protection such as alarm 
system layouts, intrusion detection equipment, and security 
communications systems, among other information. Sections 73.22(a)(2) 
and 73.23(a)(2) would protect information associated with physical 
protection such as intrusion alarms, vehicle immobilization features, 
and plans for law enforcement coordination. Sections 73.22(a)(3) and 
73.23(a)(3) would protect inspection reports, audits, and evaluations 
to the extent they discuss security measures or security 
vulnerabilities. All of this and other information categorized in the 
regulations, if publicly disclosed, could be used to specifically 
identify the control and accounting procedures or security measures, 
including security plans, procedures, and equipment used to protect 
source, byproduct, and special nuclear material and allow the 
circumvention of those plans, procedures, or equipment.
    The Commission's proposed conditions for access to SGI are not 
overly restrictive. Persons authorized access must be trustworthy and 
reliable based upon a background check to ensure that they will not 
purposely or inadvertently compromise the information. Access to SGI is 
limited to those with a ``need to know'' the information to avoid 
unnecessarily broad distribution of the information, which would 
increase the risk of inadvertent disclosures. As in the current SGI 
regulations, certain persons would be deemed trustworthy and reliable 
by virtue of their occupational status-these persons are generally 
members of government or law enforcement agencies, who in many cases 
have undergone background checks as a condition of their employment. 
Representatives of foreign governments or organizations would also not 
be subject to the background and criminal history checks, if approved 
by the Commission for access to SGI. Such an exemption is consistent 
with the Commission's historical practice. All of these persons would 
still be required to demonstrate a ``need to know'' the information.
    The Commission's proposed SGI handling requirements are not overly 
restrictive. Document marking requirements are necessary to distinguish 
SGI from other information so that it can be properly controlled. 
Locking up SGI while unattended is necessary to prevent unauthorized 
access to the information, as is limiting access to keys and knowledge 
of lock combinations. Restrictions on electronic processing, 
telecommunications and transmission are important to prevent 
interception of SGI, whether by electronic surveillance or other means.
    Comment: Many commenters suggested that the SGI designation does 
not permit the NRC to withhold all information and that the NRC is 
acting illegally and trying to silence those who are trying to improve 
nuclear safety. If instituted, these regulations would compromise the 
public's ability to hold the nuclear industry and its government 
regulators accountable for their management of nuclear facilities and 
materials.
    Response: The Commission recognizes that there are statutory limits 
to the use of the SGI designation. The revised proposed rule remains 
within these limits and describes categories of information that may 
properly be considered SGI. The revised proposed rule recognizes the 
Commission's authority to issue further orders or regulations 
designating information as SGI, provided it is within the scope of 
Section 147 of the AEA.
    The Commission's purpose in proposing this rulemaking is not to 
unnecessarily withhold information from the public, to silence 
criticism of nuclear safety or security policies or to prevent the 
public from offering suggestions for improvement. The proposed SGI 
regulations are intended to ensure adequate protection of the public 
health and safety and the common defense and security by preventing 
authorized disclosure of certain, limited category of information that 
could be used to compromise the security of nuclear facilities and 
materials.
    The Commission always welcomes public input on nuclear safety and 
nuclear security. Members of the public may write letters to the 
Commission, file petitions for rulemaking under 10 CFR 2.802, and file 
requests to institute a proceeding to modify, suspend, or revoke a 
license under 10 CFR 2.206. Members of the public may seek to initiate 
or participate in adjudications held in connection with proposed 
licensing actions. They may also attend public meetings to communicate 
their safety and security concerns. The NRC will always consider and 
respond to public concerns, but it must do so without compromising the 
safety and security of nuclear materials and facilities.
    Comment: One commenter stated that the original proposed rule would 
create a system without rights, duties, and obligations such as those 
in the Freedom of Information Act (FOIA), which would abuse the open 
government principles on which the United States was founded. Other 
commenters proposed that a final rule include procedures for 
designating

[[Page 64009]]

officials who may withhold SGI, to provide oversight of the system, and 
to allow for review or appeal of SGI or SGI-M determinations. A 
commenter stated that the NRC has not provided an individual the 
opportunity to challenge an SGI determination by appealing to the head 
of the agency. A commenter expressed concerns that a final rule needed 
the types of controls and checks that are built into the national 
security classification system. According to the commenter, there are 
no mechanisms for reviewing and appealing decisions to categorize 
information as SGI; the rule has an inadequate mechanism for removing 
information from SGI status once it has been categorized; there are no 
truly independent bodies to exercise oversight over SGI determinations; 
there is no recognized channel for getting disputes over SGI status 
into court; and there are insufficient mechanisms for making the 
portions of SGI information which would not present a risk in the form 
of redacted documents available to Congress, the news media, and the 
public.
    Response: Section 147 of the AEA sets forth the substantive legal 
requirements governing the protection of SGI. Section 147 of the AEA 
does not require the Commission to develop FOIA-like appeal procedures 
to resolve individual challenges to SGI designation on a case-by-case 
basis.
    Creation of FOIA-like appeal procedures would result in a 
cumbersome administrative process for SGI designation and potentially 
require substantial resources to implement and administer. The 
preferred approach is the one the Commission is proposing here--
providing the public notice of and opportunity to comment on categories 
of information the Commission would consider SGI.
    Throughout this rulemaking, the Commission has been open about the 
categories of information it seeks to protect and the reasons for 
protecting that information. The Commission is giving the public 
adequate notice of the approach and ample opportunity to challenge the 
Commission's SGI designations on a generic basis. There is no need to 
develop procedures for challenging the designation of information as 
SGI or SGI-M.
    Comment: One commenter proposed that the NRC should followup this 
rulemaking with the deletion of or revisions to current orders and 
advisory letters. In the interim, NRC should, by order or regulation, 
state that the revised regulations supersede all conflicting orders and 
advisory letters issued prior to the effective date of the revision to 
the regulations.
    Response: This revised proposed rule incorporates the requirements 
for SGI protection previously described in NRC orders and advisory 
letters. The final rule would, on its effective date, supersede all SGI 
orders and advisory letters issued prior to that effective date. The 
Commission will, however, take administrative action to withdraw all 
previously orders where appropriate.
    Comment: One commenter recommended that the NRC rule specify that 
security information or plans associated with a licensee possessing, 
using, transporting, or offering for transport greater than or equal to 
Category (CAT) I quantities of Strategic Special Nuclear Material 
(SSNM) be controlled as Classified National Security Information in 
accordance with the provisions of 10 CFR parts 25 and 95. In addition, 
the commenter recommends that the NRC revise the final rule with 
respect to the protection of information associated with security 
information and plans for a licensee possessing, using, transporting, 
or offering for transport CAT II and III quantities of special nuclear 
material (SNM) to utilize a risk-informed and graded approach 
consistent with the change to CAT I SSNM, specifically:
    (1) Security information and plans for licensees possessing, using, 
transporting, or offering for transport less than a formula quantity of 
SSNM but greater than or equal to a CAT II quantity of SNM (consisting 
of U-233, Pu, or high-enriched U-235 (enriched to 20 percent or more)) 
should be controlled as SGI per the requirements of Sec. Sec.  73.21 
and 73.22 of the original proposed rule;
    (2) Security information and plans for licensees possessing, using, 
transporting, or offering for transport less than a CAT II quantity of 
SNM (consisting of U-233, Pu, or high-enriched U-235 (enriched to 20 
percent or more)), but more than 10 kg of a CAT III quantity of SNM, or 
a CAT II quantity of low-enriched U-235 (enriched to less than 20%) 
should be controlled as SGI-M per the requirements of Sec. Sec.  73.21 
and 73.23 of the original proposed rule;
    (3) The risks associated with security information and plans for 
licensees possessing, using, transporting, or offering for transport 
less than a CAT III of SNM do not require protection under part 73.
    The commenter suggests that this approach would provide greater 
regulatory clarity than the NRC's original proposed rule language of 
``fuel cycle facilities required to implement security measures'' and 
``fuel cycle facilities'' in Sec. Sec.  73.21(a)(1)(i) and 73.22 
introductory text, respectively, by clearly identifying de minimis 
levels of SNM requiring protection.
    The commenter also recommends that the NRC revise part 76 to 
incorporate this graded approach for certificate holders under part 76, 
because the requirements for protection of CAT I, II, or III SNM under 
parts 70 and 76 should be the same.
    Response: The revised proposed rule language clearly indicates that 
it only applies to information that is not classified as Restricted 
Data or National Security Information. If the specific information is 
considered to be Restricted Data or National Security Information it 
would be protected as such and the SGI provisions would not apply.
    The NRC staff agrees that a graded approach should be used, and the 
revised proposed rule uses a graded approach. The staff agrees that 
additional clarification is necessary to explain what is meant by fuel 
cycle facilities. The original proposed rule text has been revised to 
add clarity. Fuel fabrication facilities, uranium enrichment 
facilities, uranium hexafluoride conversion facilities, and independent 
spent fuel storage installations will be subject to the provisions in 
Sec.  73.22 for SGI. Research and test reactors and other facilities 
that have special nuclear material of low or moderate strategic 
significance will be subject to the provisions of Sec.  73.23 for SGI-
M.
    Comment: One commenter suggested that a final rule either: (1) 
Remove the designation of site access information as SGI; or (2) 
specify that the ``need to know'' includes the protection of employment 
and labor rights, so that individuals involved in employment-related 
grievances, arbitration, litigation, and/or labor contract negotiations 
and administration may gain access to relevant SGI when such 
individuals qualify as ``Individuals Authorized to Access Safeguards 
Information''. Also, the commenter requests that the rule set forth a 
procedure by which employees and their representatives may apply to 
gain access to relevant SGI for the protection of employment and labor 
rights so that individuals involved in employment-related grievances, 
arbitration, litigation and/or labor contract negotiations and 
administration may gain access to relevant SGI when such individuals do 
not qualify as ``Individuals Authorized to Access Safeguards 
information.''
    The commenter asserts that it is additionally problematic that site 
access information is SGI because it could lead to an unnecessary 
chilling effect having adverse safety implications. Removing

[[Page 64010]]

site access information as SGI or, alternatively, establishing 
provisions whereby employees and their representatives may obtain such 
information, will prevent violations of individuals' rights under 
applicable laws and will not compromise the safety of nuclear 
facilities.
    Response: The revised proposed rule would not designate ``site 
access information'' as SGI and is not intended to discourage 
individuals from raising safety or security concerns to licensees or 
the NRC. Employees of NRC licensees who feel they have been retaliated 
against for raising safety or security concerns are encouraged to seek 
potential enforcement action through the NRC and to go to the 
Department of Labor for potential personal remedies.
    There is no presumptive ``need to know'' for agents representing 
employees of NRC licensees in employment-related grievances. The 
revised proposed rule would not establish a special procedure by which 
agents representing employees of NRC licensees may have access to SGI, 
but the Commission retains the authority to grant such access if the 
circumstances of an individual case so require.
    Comment: One commenter contended that the Commission lacks the 
statutory authority to impose regulations for the protection of SGI 
pertaining to the security measures of State licensees. According to 
this commenter, the licensees or applicants referred to in Section 147 
of the AEA are clearly those of the Commission only, and not of the 
Agreement States.
    Response: Section 147a. of the AEA requires the Commission, in 
relevant part, to prescribe such regulations or issue such orders as 
necessary to prohibit the unauthorized disclosure of SGI. The 
Commission also has authority under Subsections 161b. and 161i. to 
issue rules, regulations, or orders to protect the common defense and 
security. Moreover, Section 274m. of the AEA, ``Cooperation with 
States,'' provides that no agreement entered into pursuant to Section 
274b. shall affect the Commission's authority under Subsections 161b. 
and, 161i.
    As to the commenter's assertions regarding the terms ``licensee'' 
or ``applicant,'' the plain language of Section 147 refers simply to 
``licensee's or applicant's [detailed information].'' Section 147 draws 
no distinction between a ``Commission licensee'' as the commenter 
asserts and an ``Agreement State licensee.'' Thus, on its face, the 
statute does not support the commenter's viewpoint.
    Comment: One commenter suggested that a final rule should focus not 
only on SGI and SGI-M material, but should include rules for the 
protection of other levels of information.
    Response: The scope of this rulemaking, as stated in the original 
proposed rule, is limited to amending the regulations for the 
protection of SGI. Other types of information are governed by separate 
requirements. For example, an executive order, applicable government-
wide, controls Classified National Security Information. E.O. 12958, as 
amended, ``Classified National Security Information'', and related 
directives of the Information Security Oversight Office, National 
Archives and Records Administration, April 20, 1995. NRC regulations 
found in 10 CFR 2.390 govern handling of other categories of sensitive 
unclassified information. The NRC has determined that no further 
changes to NRC regulations are warranted at this time.
    Comment: One commenter questioned the ``correct'' categorization of 
information the NRC considers to be SGI. According to the commenter, 
when a Department of Energy (DOE) facility is licensed, there may be 
difficulties in deciding if the information should be Classified 
National Security Information (CNSI) or SGI. On the other hand, the 
commenter asserted that ``Official Use Only'' should be considered 
before marking the information as SGI.
    Response: The proposed amendments to the regulations reflect the 
statutory definitions of SGI in Section 147 of the AEA. The Commission 
believes that the definitions in the revised proposed rule accurately 
reflect the information described in Section 147 as SGI. Both the 
relevant proposed amendments to part 73 as well as guidance that would 
be issued by the staff would assist licensees in correctly designating 
information to be protected as SGI. The DOE has previously demonstrated 
that it has a comprehensive program governing the classification of 
information. As noted in the original proposed rule, any information 
classified as National Security Information would carry that 
designation and not be designated as SGI.
    It is appropriate for any entity possessing sensitive information, 
classified or otherwise, to consider all possible and appropriate 
classifications/designations of information when making decisions to 
protect such information from public disclosure. The Commission expects 
that information falling within the definition of SGI will be so 
designated, thus mandating the withholding of the information from 
public disclosure and that only information properly characterized as 
SGI will be designated as such. In this regard, the Commission notes 
that information marked as ``Official Use Only'' does not assure that 
the information will be withheld from public disclosure.
    Comment: One commenter recognized that requirements in 10 CFR 
73.22, for SGI, would apply to reactors and licensees authorized to 
possess a formula quantity of SSNM, while requirements in 10 CFR 73.23, 
for SGI-M, would apply to licensees authorized to possess certain 
quantities of source and byproduct material and SNM of moderate or low 
strategic significance. The commenter pointed out that some licensees 
are authorized to possess, in one license, in excess of a formula 
quantity of SSNM, in addition to a significant quantity of source 
material and byproduct material. The commenter suggested that the rule 
is not clear on whether such a licensee should follow Sec.  73.22 or 
Sec.  73.23. The commenter further suggested that it would seem 
burdensome for a single licensee to have separate SGI and SGI-M 
programs. Another commenter noted that industry discussions with the 
NRC led it to believe that controlling SGI-M documents under its 
existing SGI program was acceptable; however, the proposed changes in 
paragraph (d) of Sec. Sec.  73.22 and 73.23 appear to contradict that 
position and expand the marking and handling requirements to apply to 
both SGI and SGI-M documents. That commenter noted that, given the 
effectiveness of the current program, there does not appear to be any 
justification for the additional marking requirements in paragraph (d).
    Response: The NRC agrees with the comment that it could be 
inefficient for licensees possessing categories or quantities of 
material under Sec. Sec.  73.22 and 73.23 to implement both information 
protection schemes. Licensees subject to both Sec. Sec.  73.22 and 
73.23 would be in compliance with the requirements for protection of 
SGI if they implement the higher protection standards in Sec.  73.22, 
or they may choose to implement a multi-level approach. Licensees with 
a single-level information security system could use the marking 
``Safeguards Information'' in place of ``Safeguards Information--
Modified Handling.'' This alternative would be appropriate because the 
facility security measures and associated information protection 
requirements would be based on the higher category of asset possessed 
by the licensee.
    A primary difference between the SGI protection requirements in 
Sec.  73.22 and the SGI-M protection requirements in Sec.  73.23 is how 
the information is

[[Page 64011]]

marked and stored. SGI in the former category is marked ``Safeguards 
Information'' while the latter category is marked ``Safeguards 
Information designated as Safeguards Information-Modified Handling.'' 
The different markings are associated with different storage 
requirements. SGI described in Sec.  73.22 must be stored in a locked 
security storage container, but SGI described in Sec.  73.23 has a less 
stringent storage requirement--the information must be stored in a 
locked file drawer or cabinet or may be stored in a security container 
as described in Sec.  73.22.
    Proper marking is necessary when SGI is communicated between 
entities or parties so that the recipient does not receive a document 
with markings that would require storage in a container that the 
recipient does not possess. It is the duty of the licensee or applicant 
who transfers documents containing SGI to a party beyond their control 
to ensure that the document is properly marked. Without the appropriate 
document markings, the sender inadvertently could cause a violation of 
the regulations.
    Comment: One commenter noted that the expanded types of documents 
that must be handled as SGI or SGI-M and the addition of marking 
requirements will require additional effort and time to implement. 
Therefore, the commenter suggested that the rule allow at least one 
year for the licensee to effectively implement the requirements.
    Response: The NRC recognizes that SGI requirements require effort 
and time to implement, but does not concur that one year is necessary 
for implementation. This revised proposed rule reflects orders already 
imposed by the Commission and would expand the types of security 
information covered by Sec.  73.2. Considering the scope of the rule, 
the Commission proposes to set an effective date for the final rule of 
90 days from publication in the Federal Register.
    Comment: One commenter stated that the reference in the 
Supplementary Information portion of the original proposed rule to 
criminal penalties for violation of Commission requirements governing 
SGI should clarify that criminal sanctions are only imposed for willful 
violations.
    Response: In response to this comment, the relevant language in 
Section I. (``Background'') of this revised proposed rule has been 
changed to remove ambiguity about the application of criminal penalties 
for violations of the AEA (i.e., such penalties apply to willful 
violations only).
    Comment: One commenter asked whether DOE facilities licensed by the 
NRC would be excluded from all orders.
    Response: To the extent that the NRC has regulatory authority over 
a DOE facility, the NRC has the authority to issue orders to the DOE 
applicable to that facility.
3. Section-Specific Comments
Parts 60 and 63: Disposal of High-Level Radioactive Waste in Geologic 
Repositories; Disposal of High-Level Radioactive Wastes in a Geologic 
Repository in Yucca Mountain, Nevada
    Comment: One commenter suggested that the degree of information 
security required for facilities licensed under parts 60 and 63 is 
insufficient for the protection of National Security Information and is 
inconsistent with long-standing NRC classification guidance, recent 
Commission and staff actions, as well as the 2004 ``Joint DOE and NRC 
Sensitive Unclassified Information and Classification Guide for the 
Office of Civilian Radioactive Waste Management Program'' (CG-OCRWM-1, 
which is non-public). The commenter contends that this inconsistency in 
language will cause regulatory confusion and could lead to inadequate 
protection of National Security Information or inadequate enforcement 
authority.
    Specifically, the commenter notes that the proposed language in 
Sec. Sec.  70.22, 70.32, 73.2, and 73.22 refers to physical security, 
safeguards contingency, and guard qualification and training plans 
information being controlled as SGI per Sec. Sec.  73.21 and 73.22. 
However, CG-OCRWM-1, the commenter notes, indicates that certain 
information associated with the proposed Yucca Mountain repository will 
be considered National Security Information.
    In addition, the commenter contends that Sec. Sec.  60.21, 60.42, 
63.21, and 63.42 refer to the ``design for physical security'' to be 
protected as SGI, but does not mention the ``physical security plan.'' 
The commenter suggests that the NRC explicitly require the physical 
security plan for a repository licensed under parts 60 or 63 be 
protected as SGI or classified information, to ensure that the plan 
itself is properly protected and that greater regulatory consistency is 
maintained. In addition, the commenter recommends that the NRC revise 
parts 60 and 63 to require design for physical security and the 
physical security, safeguards contingency, and guard qualification and 
training plans be controlled as SGI or classified information per parts 
25 and 95.
    Response: The SGI definition includes the disclaimer that it does 
not include information classified as National Security Information or 
Restricted Data. Any information covered by the classification guide as 
constituting National Security Information would continue to be 
classified. The proposed regulation would cover security related 
information that is not covered by the classification guide. Changes to 
this revised proposed rule are not necessary to specify which 
information is considered to be National Security Information and which 
is SGI, however, changes to the original proposed rule have been made 
in Sec. Sec.  60.21, 60.42, 63.21, and 63.42 to clarify that security 
information associated with a geologic repository would be protected as 
SGI or as classified information. The NRC has also revised the original 
proposed rule language to remove the inconsistency in terminology for 
the ``physical security,'' ``safeguards contingency,'' and ``guard 
qualification and training plans.''
    Comment: One commenter suggested that the program entitled ``Joint 
DOE and NRC Sensitive Unclassified Information and Classification Guide 
for the Office of Civilian Radioactive Waste Management Program'' 
remains an adequate and acceptable program, as written, for the 
identification of SGI and its continued use in the part 63 licensing 
process will be in compliance with this rulemaking.
    Response: A classification/designation guide, ``Joint DOE and NRC 
Sensitive Unclassified Information and Classification Guide for the 
Office of Civilian Radioactive Waste Management Program,'' has been 
issued by the NRC and the DOE. This guide reflects the current laws and 
regulations governing classification and designation of information 
required to be protected from unauthorized disclosure. The NRC staff 
believes that this guide represents the information proposed to be 
protected by the current rulemaking.
Part 73: Physical Protection of Plants and Materials

Section 73.2 Definitions

    The Commission received numerous comments on the definitions. 
Commenters asked the Commission to revise, delete, or add definitions 
for terms used in the rule. Some new terms have been added because of 
changes made in other sections of the revised proposed rule. Public 
comments and responses to the comments, as well other reasons for 
changes to Sec.  73.2, are presented below.

[[Page 64012]]

Comprehensive Background Check
    Comment: Commenters suggested that the term ``comprehensive 
background check'' be defined.
    Response: The Commission has changed the phrase ``comprehensive 
background check'' to ``background check'' in the new proposed rule. 
The change is intended to more clearly distinguish the background check 
requirements of this revised proposed rule from the background 
investigation requirements of other regulations governing access 
authorization (10 CFR 73.56). Background investigations required under 
those regulations are arguably more comprehensive. To avoid the 
impression that the background check that would be required by this 
rule would be more stringent or probing than background investigations, 
the word ``comprehensive'' has been deleted.
    The Commission has included a general definition of ``background 
check'' in Sec.  73.2 of the revised proposed rule. A background check 
performed to determine the trustworthiness and reliability of an 
individual to be authorized access to SGI or SGI-M includes, at a 
minimum, a criminal history check, verification of identity, employment 
history, education, and personal references. The EPAct expanded the 
NRC's authority to fingerprint, and as such, entities engaged in 
activities subject to regulation by the Commission, entities who 
applied for licenses or certificates to engage in Commission-regulated 
activities, and entities who have notified the Commission in writing of 
an intent to file an application for licensing, certification, 
permitting, or approval of a product or activity subject to regulation 
by the Commission would be required under 10 CFR 73.57 to conduct 
criminal history checks, including fingerprints, before granting access 
to SGI or SGI-M to the employees of the individual's organization.
    Ultimately, the decision whether an individual is sufficiently 
trustworthy and reliable to receive SGI or SGI-M is made by the person 
granting access. In the case of information held by the NRC staff and 
the originator, the NRC staff would make the determination. The 
background check must be sufficient to support a trustworthiness and 
reliability determination so that the person granting access and the 
Commission have reasonable assurance that individuals granted access to 
SGI do not constitute an unreasonable risk to the public health and 
safety or the common defense and security.
    To reiterate, the background check that would be required by this 
revised proposed rule may not completely satisfy the background 
investigations required under other regulations. Nor does the 
trustworthiness and reliability determination based on the background 
check that would be required by this revised proposed rule satisfy the 
trustworthiness and reliability objectives of other regulations. For 
example, determining trustworthiness and reliability under 10 CFR 73.56 
requires not only a background investigation, but a psychological 
assessment and behavioral observation as well. Determining 
trustworthiness and reliability under 10 CFR 26.10 requires chemical 
and alcohol testing under a fitness-for-duty program. Those 
requirements are separate from the requirements of this revised 
proposed rule.
    The NRC staff plans to issue further guidance that will include a 
discussion of acceptable background checks to support a licensee's 
trustworthiness and reliability determinations.
Detailed Control and Accounting Procedures
    Comment: One commenter suggested that the term ``detailed control 
and accounting procedures'' for SNM needs clarification, for example, 
as to whether it includes: (1) The written directions for transferring 
fuel between the fuel pool and the reactor; (2) the outage schedule 
that shows when fuel movement occurs; (3) the real-time communication 
channels or video-monitoring to support fuel movement; or (4) the 
computer and software that performs the isotopic calculations for 
irradiated fuel. The commenter is concerned that restricting access to 
these types of detailed information would significantly hamper work 
coordination and communication with